Your business is likely subject to certain compliance laws and regulations depending on the type of data you collect from your clients or customers. Today, we want to emphasize the importance of your business considering regulation and compliance when managing its data and IT resources, as without doing so, you run considerable risk.
Digital monitoring is a bit of a contentious topic in business, but according to a survey from Gartner, it might not be as contentious of a topic as previously thought. In fact, employees are often in favor of digital monitoring under the appropriate circumstances, as long as it doesn’t get in the way of their jobs.
It probably isn’t a question you’ve put much thought to, but tell me: who do you think feels the greatest impact from card skimming schemes, where a payment card’s data is captured so a cybercriminal can make use of the card’s associated account? While it isn’t a good situation for anyone, some are impacted more than others.
It’s incredibly important to keep your personally identifiable information secure, but what exactly constitutes PII? Today we offer a definition and suggestions or strategies to help you keep your PII safe.
Let’s face it, the majority of Internet consumers have no idea about data security until something terrible happens. Until they get malware, or get their identity stolen, or their accounts hacked, they assume that there is enough built-in security to facilitate any behavior online. This is not ideal, obviously, but there are a small number of people, around 29 percent, that have enough security awareness to avoid certain websites.
By knowing the value of the data you hold, you will be able to properly prioritize how to protect it. Since IT experts have to create cybersecurity strategies based on how much harm can be done to your operational integrity and reputation, it’s good practice to know what assets hackers would be after if they were to breach your network defenses.
Let’s face it, your business’ cybersecurity starts and ends with your staff. They need simple, practical directions to follow or they simply won’t pay any mind to it. You don’t want to be the business that deals with significant turnover because security tasks are so demanding that their employees would rather work elsewhere. You will want to take the time to go through every part of your IT and brainstorm potential problems. You will address situations such as:
In a society where getting over on other people is the quickest way to the top, people are constantly looking to take advantage of others. We create security systems for this purpose. Since every person’s identity is unique it is often used for authentication into these secure systems. Nowadays, with the advancement of biometric technology, many organizations are pushing the envelope and using unique physical identifiers as authorization methods, and it is causing problems with the security/privacy equilibrium most people favor.
Biometrics are being used everywhere from the digital security of mobile devices all the way to border security and identification. Biometrics include:
...And more.
These technologies are used to effectively identify and authenticate people simply by pairing the information with existing database information. With this technology being more accessible due to falling prices, it is now being rolled out all over the world for a multitude of purposes. Across the world you can find biometrics being integrated into systems. The US FBI has a massive fingerprint database they use to help identify people. China’s Social Credit system is run on facial recognition. Businesses, like your bank, may be using your voice to authenticate who you are over the phone. With so much data being captured, and with the seemingly endless ways this technology can be used to secure almost anything, it turns out that it really isn’t securing much of anything.
The immense scale of biometric data systems makes securing this extremely personal information nearly impossible. The question has to be asked: can a system be a human identification system and also work as an authentication system? It turns out that with all the challenges people use biometric security systems for, the only thing that it is truly good for is identifying who a person is. That’s not to say that systems can’t work in small doses, but a main problem with these systems is that the information captured--the data that is being used for the security of these physical and virtual systems--has to be saved somewhere. Moreover, with organizations mining data left and right, this very private and extremely sensitive data ends up as just another piece of data captured by corporate entities looking to turn it into a quick buck.
If that doesn’t scare you, consider that organizations and governments possessing this data and losing it to hackers, who much like these massive corporate entities, will be using it to gain a monetary advantage. Losing your identity to a hacker is a traumatic experience, but with these biometric systems, it takes on a whole new meaning. Even scarier yet is that artificial intelligence has been proven to compromise biometric indicators, leaving biometrically-protected systems accessible without physical authentication.
We touched on this a little above, but the lack of privacy that a biometric reliant system would provide the individual would be frightening. You see, the biometric security system isn’t designed to allow for invasions of privacy, but because this technology is just in its infancy, and organizations are using it in ways that it may not be designed for, the minute a person puts his/her information into a biometric system, privacy is out. The production of the data, the way it is stored, the way it is compared to database data raise big concerns for the individual and his/her privacy.
Additionally, with changes to physiology, these biometric systems have to have some deviation built in. This poses a lot of questions about what is secure and what isn’t. These systems are definitely state-of-the-art, but if you compare the effectiveness of the security to the systems that we’ve been using (Passwords, PIN, Two-factor authentication), it’s hard to say that these advanced biometric systems are any better at keeping data or infrastructure secure.
Biometrics are definitely here to stay, but before you implement a biometric security system into your business, call the professionals at Coleman Technologies to discuss the benefits and detriments of doing so; and, the strategies where biometrics will excel. Call us at (604) 513-9428 today.
Consider how many opportunities Facebook has to collect information about you: there’s quite a few. For one thing, you literally tell the platform the things you “Like.” Semi-joking aside, there’s also the stuff you post, which advertisements attract your attention, and many other means for them to construct a pretty solid profile on you.
You can see this profile for yourself. In the aftermath of the Cambridge Analytica scandal - where third-party users were granted free reign and access to Facebook user info - Facebook made a promise to be more transparent. This profile is part of that transparency.
Viewing this information is pretty simple, whether you’re on your computer or you’re using the mobile application.
On a desktop or laptop:
From the Facebook mobile app:
The “data is ready” notification will probably come after about an hour - it really depends on how long you’ve been a user, and how active you’ve been. Most people will probably have a file that takes up a few gigabytes.
Now that the report is available to you, click on Your Facebook Information.
Access Your Information - Facebook provides you with an itemized and viewable list of your Posts, Photos, and Location history ready for viewing.
Activity Log - Consider this a comprehensive timeline recap - almost a scrapbook, prepared by Facebook.
Deactivation and Deletion - People used to complain that deleting a Facebook account was a difficult process. Not anymore!
When you do review your file, the information they have can be shocking, mainly due to the location-based aspect of it all. You can pull up a given day and find out exactly where you were and what you did. Facebook kept track for you.
Then, you need to consider the Ads. This section will show you all of the advertisers who provided Facebook with a contact list your name appeared on. It isn’t that Facebook gave away this information, advertisers already had it and gave it to Facebook to target you on the platform.
While it completely makes sense that Facebook would know a lot about you, seeing it all laid out (and how much of it didn’t come from your profile) isn’t exactly comforting… Facebook has been too involved in a few major data breaches. Just think - there’s a profile just like the one you retrieved about you, for over a quarter of all of the people in the world.
This rabbit hole goes deeper, too. Make sure you check back soon for part two of three of this Facebook privacy blog series.
You probably had a notion that Facebook had a bunch of your information, but how much information outside of your general profile makes you nervous when they are accused of major data breaches. What’s scarier is that the service is used by over a quarter of the world’s population.
This is only the tip of the iceberg of the information we will share about this social media giant. Check back for part two of our three-part blog series about Facebook privacy.
That’s why we wanted to make sure that you knew how to reclaim your personal data and make sure it is protected. We’ll start by protecting the information that you’ve shared.
To do this, you will want to access your Facebook account on a computer. This is going to be a lot to manage, and the mobile app would only be too much trouble to navigate.
From any page on Facebook, look for the menu, which will appear as a little downward-facing arrow. This should be at the top right-hand corner of the page. Click into Settings. This little arrow is your lifeline during this process, you can always find your way back to the beginning with that menu.
Your first order of business should be to confirm that you still have access to all of the email accounts tied to your Facebook. If an account that you no longer have access to was used, account recovery becomes monumentally more difficult.
On the right, you should see the Security and Login option. Click it, and Facebook will show you all of the devices where your account is logged in. Fair warning, this can be shocking - especially since it includes where and when you last used that device, and what browser you were using to do so. The longer a user has been engaged with Facebook, the more devices will likely show up here.
If one of these devices is one that you don’t recognize, you will want to change your password immediately - we’ll go over how in a moment. First, you will want to log out of Facebook on any device that you aren’t actively using. This can be done through the three-dot icon menus next to each device listed.
While we’re on the topic, this is when you will want to make it a point to update your password. It will only take a minute and might just help keep your Facebook friends from being spammed and phished. You can do this using the process provided on the Security and Login page.
Remember, you should never use a password for more than one online account.
After your password settings, you’ll see the option to set up two-factor authentication (2FA) to help protect your account. To set it up, select Use two-factor authentication and click edit, and Facebook will provide you with the instructions you need to follow. Click Get Started.
You have two options to select from as your Security Method, either using an authentication app, or to receive a text message with an additional code. Between the two, the application is the more secure option, although it does mean you need to have access to the mobile device whenever you want to check your Facebook.
Setting up the authentication app option is pretty simple. Open your application (which, if you have a Google account, might as well be Google Authenticator) and, on the computer, select the Authentication App option, as pictured, and click Next.
Facebook will display a QR code, which your authenticator app should allow you to scan when you add a new account to it. The app will then give you a six-digit number to provide to Facebook as a Confirmation Code. Simple.
If you decide to use the text message option, Facebook will simply send you a code that you have to provide upon login. It isn’t quite as secure as the app, but it will do. All you have to do to configure this is to confirm an initial code with Facebook, and you’ll be walked through the rest.
Once you have two-factor authentication enabled, it only makes sense to add an additional means of 2FA as an emergency backup - in this case, whichever method you didn’t choose. Honestly, you might as well set up both, and make use of the Recovery Codes option, to boot.
Under the Add a Backup option on the Two-Factor settings page, there is also a Recovery Codes option. By clicking Setup, Facebook will provide a brief explanation, and the opportunity to Get Codes. Facebook currently gives you a list of 10 single-use 2FA codes. These are one-shot codes, but you can generate a new list whenever you want from the Two-Factor Settings page. Make sure you keep these codes in a safe place.
Back on the Security and Login page, scroll down to find Setting Up Extra Security. This area lets you opt-in to alerts being sent via email or text, notification, or Facebook Messenger.
You can also Choose 3 to 5 Friends to Contact if you do find yourself locked out of your account. Make sure that these are people you truly trust.
Stay tuned for part three of this series, coming soon.
While we wish we could show you how to really accomplish true privacy on Facebook, the only way to actually reach that threshold would require you to have never signed up in the first place. This doesn’t mean, of course, that there is nothing that you can do now to protect your information - sharing more cognizantly and keeping it within circles you trust.
Like we said, Facebook has seen some pretty egregious security issues during its time. While we aren’t going to go too far into the weeds with these events, a quick summary might help to illustrate how careful users should really be as they use the platform:
Unfortunately, concerning events like these happen far too regularly to Facebook. There just seems to be difficulty in keeping their user data secure. This is why you need to pay particular attention to the settings on your own Facebook profile. Let’s go over how your information can most effectively be protected by ensuring these settings are configured properly.
On your desktop, log in to your Facebook account. At the top-right of the page, there will be a small down arrow. Click it to access a menu, then click Settings.
You will be brought to another page, with Privacy in your list of options. Click into it.
From here, you can set your privacy options that restrict who has access to your information. For example:
Public - Setting your privacy to public is effectively turning off your privacy options. Not only can all other Facebook users potentially see your profile, even people who aren’t signed in could access it. Hypothetically, this means that the search engines could find you are well.
Friends - This setting restricts viewing privileges to only your confirmed Facebook friends.
Friends except… - If there are particular friends or members of a particular group who shouldn’t see certain information, you can prevent them from seeing this on their Facebook.
Only me - This means that (outside of Facebook) you are the only person with access to what you have posted. Just to be safe, we recommend that you still refrain from sharing anything that you wouldn’t be comfortable sharing publicly.
You also have the ability to choose the audience for each individual post. While this may give the impression of improved control over your privacy, the biggest threat to your Facebook security is probably Facebook itself.
Of course, that doesn’t mean that you aren’t given plenty of privacy options to play with. Let’s go over some of them now:
Who can see your future posts? This setting establishes a default privacy setting for the content you post on Facebook in the future. This helps insulate you from sharing content out to those who shouldn’t see it.
Review all your posts and things you’re tagged in. By using the Activity Log, you can review the entirety of your timeline and manage the permission settings of past posts. You can also review posts you have been tagged in from here.
Limit the audience for posts you’ve shared with friends of friends or Public. This is a semi-nuclear option when it comes to locking down what you’ve posted in the past. By clicking Limit Past Posts, you can change all of what you posted publicly or to friends of your friends to only be accessible to those on your Friends list. Fair warning - Facebook doesn’t provide any way to revert this, so you would have to go through your posts by hand to change them back if you so wished.
Who can send you friend requests? Depending on your preference, you have the option of picking between Everyone or Friends of friends. Unlike many of the other settings on this list, leaving this set to Everyone is probably okay.
Who can see your friends list? On the other hand, there is no reason that the rest of the world needs to see who you are connected with on Facebook. Setting this to Only me will keep this information between you and Facebook, nobody else.
Who can look you up using the email address you provided? Do you want someone who has your email to be able to find you on Facebook using it? Most likely not - so restricting this to Friends or Only me is probably in your best interest.
Who can look you up using the phone number you provided? Again, it’s really your call whether or not to allow Facebook users to find you via your phone number, but it really isn’t that necessary. You’re fine setting this to Friends or Only me.
Do you want search engines outside of Facebook to link to your profile? This one really depends on your situation. Facebook can work to prevent the assorted search engines out there, including Google and Bing, from indexing your profile (allowing searchers to find it). Most people will likely want to switch this off, but if your personal brand is part of your business, it makes more sense to turn this option to Yes.
We all have embarrassing friends, and so you may want to avoid having them be able to freely post content to your wall - for instance, your college buddy Greg seems to have no problem with sharing candids from the good ol’ days… and tagging you in them.
Potential situations like this make it all the better that Facebook gives you control over who can post to your timeline, and who can see this content. You can access your many options to do so by clicking into Timeline and Tagging (which can be found on the left side of your Settings).
Who can post on your timeline? Naturally, you will definitely want to put a limit on this, as there is no reason that a total stranger should be reaching out on your personal profile. This is why it makes sense to only allow your Friends to do so - or, perhaps you alone with the Only me setting.
Who can see what others post on your timeline? This setting will largely depend upon who you have permitted to post on your timeline. If your Friends can post to your timeline, you definitely want your Friends to be the only ones who can see it - assuming you don’t want to maximize your privacy (and hedge your bets) with the Only me setting.
Allow others to share your posts to their stories? Ask yourself: do you want anything you post publicly to be shared by your Friends? If so, leave this one enabled.
Who can see the posts you’re tagged in on your timeline? Tagging can be an incredibly useful thing for someone trying to cultivate an image as an engaged thought leader, but it can also hurt your reputation, never mind your privacy. If people keep tagging you in assorted posts and you’d rather the public at large didn’t see these posts, you can keep these posts to your Friends, or even to Only me.
Review the posts you’re tagged in before the post appears on your timeline?
Alternatively, this is likely the best option for someone looking to be visible via tagged posts, while still remaining in control of which posts that are linked to them. Basically, you can be notified if you are ever tagged in some Facebook content, and can opt whether or not it will appear on your timeline. Fair warning - any mutual friends you have with the person who has tagged you will be able to see the tagged content before you have a chance to review it. Regardless, it is best to keep this setting on.
Review tags people add to your posts before the tags appear on Facebook? Again, this is something you’ll want control over, so set this to on as well.
Again, from the Settings page, click into the Public Posts option on the left-hand side.
Who Can Follow Me - Rather than adding users as Friends, public figures can provide the option to just be followed by interested people. If you want to give the public at large this option, set this to Public. Otherwise, you can keep your posts among your Friends by setting this to Friends.
Public Post Comments - Or, who can comment on the posts that you’ve shared publicly. It is probably best to keep this restricted to either Friends, or perhaps Friends of Friends.
Public Profile Info - Some facets of your Facebook profile are generally available for anyone to see (like your name and profile picture). Who do you want to be able to comment on your profile picture? Keeping this capability restricted to your Friends or - maybe - Friends of Friends is probably best.
Facebook has the capability to track your location history. While this information isn’t shared with your Friends or followers (beyond letting your Friends know that you are nearby), the only real reason we could come up with for Facebook to track this is to be able to target you with ads more effectively. Hopefully, that’s the reason, but even so, it is better to be safe than sorry. After all, Facebook has a history of data security missteps.
Again, starting from the Settings page, click where it says Location on the left-hand side. From there, you can see what Facebook already knows by requesting to View your Location History. However, to disable this, you’ll need to use the mobile application.
From the app, access the 3-bar hamburger icon (found at the top-right), and scroll down until you see Settings & Privacy. From there, you should access Privacy Shortcuts, where you’ll see a new area with various settings and documentation regarding Facebook’s identity controls.
Find Manage your location settings (you shouldn’t have to scroll to find it). Once there, you should:
While you’re at it, you may as well delete your existing Location History.
Again, from within Privacy Shortcuts, select Manage your location settings and then View Your Location History. You will be asked for your password, and then you will see another 3-dot menu in the top-right. From there, you should Delete all location history.
Take note: if you post a photo with your location tagged, or check into some public place, you may be allowing Facebook access to your location data again.
Thank you for sticking with us for so long! We hope this helps you to secure your personal privacy on what is known as the social network. To learn more about protecting your privacy and information, geared more toward your business, reach out to Coleman Technologies at (604) 513-9428, and make sure to subscribe to our blog.
Before we get into the strategies of protection, let’s identify what constitutes personal information. It includes:
If you consider how many times a business has asked you for this information, you will understand just how exposed your personal data is. You may not consider it a big deal until you are in the throes of a situation where your identity has been stolen.
Your personal information is exchanged in nearly every transaction you take part in online. In response to this, you need to understand what these organizations use this information for, and how exposure of your sensitive data diminishes your data privacy. Obviously, the goal is to keep this information out of the hands that will take advantage of it and bring detrimental situations to your doorstep.
Once you realize that you can’t trust companies with your personal information, you have started to understand the lay of the land. In Europe, the establishment of the General Data Protection Regulation (GDPR) brought the first major privacy protection law, and you are beginning to see more governments considering what to do in regard to data privacy. In many parts of the world, privacy has been nonexistent. Monitoring your information is a great way to turn that trend on its head.
As of now, people continuously distribute their information to organizations with the confidence that those organizations are going to keep that data safe. This hasn’t worked out that well for the individual, but that doesn’t seem to deter them from sharing this information anyway.
Only 10 percent of people feel like they have control over their own data, but less than 25 percent of surveyed respondents believed companies are doing enough to protect it. What is strange is that 92 percent of respondents of the same survey said that they would like to have absolute control over their personal data, with 87 percent seeking the ability to remove personal data from the Internet if it negatively affects their reputation.
Just being diligent about who you give your data to simply isn’t enough to protect it; and with so few options available to do so, an individual’s best bet is to understand the threats they face. These include:
People provide personal information all the time, and unfortunately, the organizations they are giving it to don’t understand how to protect it properly; or, worse yet, actively use it for their own monetary benefit. With the lack of effort by these organizations, individuals have no choice but to take a diligent approach to keep sensitive data away from hackers, and keep their identities secure.
If you would like more information about data security, visit our blog at www.colemantechnologies.com today.
Fortunately, there is: password management systems.
A password manager is effectively what it says on the box: it’s a program that keeps track of your passwords for you. While these are available for individual users, we are more concerned with those that are meant for businesses to leverage.
These solutions have a reputation for being complicated and time-intensive to set up. However, this no longer has to be the case, and it is now more important that you find a solution that offers the features that every business needs to prioritize.
During your search, you will want to make sure your chosen password management system offers the following features:
While this may seem obvious, not all of your password management options will necessarily offer the same protections or follow the same practices. For instance, standalone password managers are inherently more secure than those tied to another solution, like a built-in one in your browser of choice.
These separate solutions usually have additional features to assist your security as you use them. Good password managers will remind you of best practices if too many saved passwords are the same or too weak and will require multi-factor authentication to be accessed in the first place. It also wouldn’t hurt to find one that also notifies you when you’re due to update some of the passwords you have saved.
It should also never save one password: the master password used to access the solution itself. That is still the user’s responsibility.
As far as behind-the-scenes security is concerned, you should find a password manager that is itself protected by a variety of security features, like encryption, role-based access, and secure cloud storage.
Determining where your credentials are kept by the password manager is another important detail to keep in mind, largely as an extension of your security considerations. Does your password manager save your passwords to the cloud, or are they kept natively on the device? Either approach has its pros and cons.
If the cloud is leveraged, your credentials will be available to you on any of your devices… but this does put your credentials in the crosshairs if that cloud solution was ever breached. If you keep your credentials stored locally, you won’t risk losing them in a cloud storage breach, but they are still vulnerable. For instance, if that device fails, there go your passwords.
Generally, this won’t have much impact on the solution you choose, as most enable either option, if not a combination of both.
As difficult as your password manager should make things for cybercriminals, it should make simple for your legitimate users - starting with adding and removing them to the business’ accounts. They should find it easy to change their password as needed, and your password manager should automatically log a user into a website or application. If it senses that there are not currently credentials for that site, it should offer to save them.
Coleman Technologies has plenty of experience dealing with password security, which means we’re familiar with password managers and maintaining them. If you’d like assistance with selecting, implementing, and utilizing one in your business, let us know! We’re just a call to (604) 513-9428 away.
Believe it or not, even a small business with a handful of clients has data worth stealing. You’re in business to make money, and by virtue of this fact, you likely collect and store financial information. In fact, you collect a ton of valuable data. The type of data that hackers are looking for.
In addition to all of the financial details you collect, there is also all of the contact information regarding leads, clients, and customers. With so many emails and phone numbers stored on your infrastructure, hackers can have a field day. They will have all the information they need to steal funds, distribute malware, and create unpleasant situations for your business.
Not all hackers have any specific goal in mind when they hack you. Sometimes all they want to do is make your life miserable. The unpredictability associated with hackers is one of the most dangerous parts of them, as they can take advantage of any overlooked vulnerabilities to create a problematic situation for you.
If your business falls victim to a hacker, it’s certain to affect your business' operations. In some cases, it could be subject to compliance fines that could break your budget and put your business at greater risk. Furthermore, you could lose access to important data that makes your business work, threatening its future and all but guaranteeing that recovery can never happen. Therefore, the importance of protecting your network can never be overstated.
Coleman Technologies can help your business implement the security solutions needed to maximize protection from threats. To learn more about what we can do for your organization, reach out to us at (604) 513-9428.
Prior to the implementation of GDPR, individual data privacy was mostly left up to the individual. In non-EU circles, this is still mostly the case, but GDPR has made issues related to this much more noticeable, such as the way this personal information can be used for corporate financial gain. GDPR was a response to these organizations failing to properly utilize user data. This included people having their personal information like names, addresses, email addresses, and even medical/financial information being utilized by advertising companies or worse. The largest corporate technology companies were using the data of individuals to turn a massive profit--a practice that seemed to be unfair to consumers.
EU member states have been legislating their own data protection laws prior to the establishment of GDPR. The United States has yet to jump on board this trend, though. With GDPR, organizations are seeing themselves as members of the global economy with strict new guidelines to adhere to. The GDPR is essentially an amalgamation of the laws that had previously existed, requiring all businesses to report certain types of personal data breaches within 72 hours to a supervised authority mandated by EU member nations.
This case was a landmark in that businesses were forced to remain more cognizant of how important data management is for the people who take advantage of their services. Before GDPR, many organizations failed to protect the data of their customers, staff, and vendors. In a way, GDPR forced them to begin thinking about data management, training staff, and investing in security.
The results of GDPR have been mixed, to say the least. Over 59,000 personal data breaches have been identified by companies notifying regulators. The sanctions for failing to comply with GDPR mandates carry fines of up to €20 million, or up to 4 percent of total revenue from the previous year (whichever is larger), leading to a more targeted and strategic approach to data security, as well as more prompt reporting of when data breaches occur. To take a look at the results the GDPR had in its first eight months, download the DLA Piper GDPR data breach survey, here.
Overall, the GDPR provided a substantial boost to data breach reporting speed. The mandate gave organizations up to 72 hours to notify breached parties, so there were fewer instances of breaches going years before being revealed to the general public. The GDPR has also resulted in nearly doubling the amount of reported incidents.
The fines resulting in these breaches being reported, however, is considerable to say the least. Fines totaling up to €55,955,871 have been levied against the companies responsible for the 59,000 reported incidents, with most of this being struck against Google. A French GDPR calls this year as more of a transitional phase rather than an indicator of the long-term effectiveness of the measure.
U.S. companies that do business in Europe aren’t safe from the measures initiated by GDPR, but organizations have started to change up their approach to data privacy. Many legislators are pushing for similar measures to GDPR, and CEOs like Apple’s Tim Cook have labeled data privacy a “fundamental human right.”
Unfortunately, this viewpoint seems to be in the minority of major American tech company leaders. Still, this hasn’t stopped states like California from implementing its own data privacy law. Other states like Colorado, Massachusetts, and Ohio were inspired to pass their own data privacy laws. Perhaps the federal government will consider acting to fill in the holes left by these data privacy laws.
What are your thoughts on GDPR and data privacy regulations? Let us know in the comments.
Under the GDPR - which came into effect on May 25, 2018 - any companies that have collected data on a resident of the European Union are then responsible for protecting that data. Furthermore, the GDPR grants these residents a far higher level of access and control over the data that organizations possess.
According to a poll, data privacy has become a bigger priority for 73 percent of respondents, 64 percent stating that they felt the security of their data was worse than it has been in the past. 80 percent want the ability to learn who has purchased their data, while 83 percent want the ability to veto an organization’s ability to sell their data in the first place. 64 percent also stated that they want the ability to have this data deleted.
Governing bodies at different levels have had different reactions to these demands. For instance, the state of California has already passed the Consumer Privacy Act (CCPA) - a piece of legislation that the House of Representatives' Consumer Protection and Commerce Subcommittee isn’t too fond of, as its position is that there needs to be a singular piece of legislation at the federal level to protect data. As of right now, data privacy is addressed in a combination of state laws and some proposed federal laws.
One of these proposed laws, the Data Care Act, spells out that (in addition to promptly alerting end users to security breaches) a service provider cannot legally share a user’s data without the receiving party also being beholden to the same confidentiality standards. Others include the Information Transparency and Personal Data Control Act, which requires transparency and personal control over data, the Consumer Data Protection Act, which could throw executives in prison for abusing data, and the American Data Dissemination Act, which sets a deadline for the government to enact privacy requirements upon businesses.
However, when the Consumer Protection and Commerce subcommittee met to discuss the prospect of a federal privacy law (which it was agreed was necessary), there weren’t any representatives for the average consumer - the ones whose data is really at stake. This reflects the hearings held last year by the Senate, also without consumer representation. Instead, technology companies were invited to participate during both sessions.
That being said, there is very little support among the committee for any regulations that are at all similar to the GDPR. One reason for this: the fear that small businesses will not find themselves able to afford the added cost of compliance.
For instance, there are a variety of potential burdens that such a measure could potentially impose upon small and medium-sized businesses. These burdens include:
It is worth noting that if your organization does business with people from the EU, you are responsible to adopt the privacy rules of the GDPR.
What do you think? Are laws like these necessary, especially given the cost they could put on small businesses? Have you had any data privacy concerns in the past? Share your thoughts in the comments.
What’s At Stake?
Imagine a scenario where your business has allowed an external entity entry to your network. What kind of sensitive documents are found on it? Think about all your trade secrets being stolen and sold somewhere on the black market, and that’s not even considering the repercussions of any personally identifiable information being stolen. And when your business has a reputation of network security being poor, you might start having trouble finding people who are willing to work with you. Plus, the fines associated with security breaches could be enough to force your business to file for bankruptcy.
Security Solutions for Business
Generally speaking, the most common security measures you will see for small businesses are enterprise-level solutions that are accessible, yet powerful at the same time. Among these are Unified Threat Management, Virtual Private Networks, and Mobile Device Management. All of these services provide some level of security for businesses that need it, but in different parts of operations. They are all equally important, though, and you should consider each of them to optimize network security.
Implementing the right security measures can be challenging, to say the least. Coleman Technologies can help your business implement useful new additions to your security infrastructure. To learn more, reach out to us at (604) 513-9428.
What is Encryption?
Encryption is a security measure meant to thwart any would-be hackers from using your stolen data to further their ambitions. Think about it like this; without encryption, hackers would gain access to your files, plain as day. Encryption provides a measure that keeps hackers from using your organization’s data even if they were to gain access to it. It essentially scrambles data to everyone who doesn’t have the decryption key, rendering it useless.
One particular technology that uses encryption to a considerable degree is a virtual private network, or VPN. A VPN can connect your employees to your infrastructure regardless of their location in a secure way. Think of it like this; the connection between your employee’s device and your network is normally a clear tube that can be observed by anyone ambitious enough to look for it. Rather than leave it as is, encryption makes the tube opaque--enough to obscure what’s inside so it’s not quite clear for any unwanted onlookers.
Why is it Important?
You can imagine the immense importance of encryption in today’s data-oriented business world. If you’re not taking every measure possible to secure your data, you could be making a huge mistake. Encryption in particular is important for assuming the absolute worst. You can never know when your data will be stolen, so it’s best to take preventative measures to ensure that it will cause a minimal amount of damage should it occur. If your encrypted data is stolen, it will simply be unusable without spending far too much effort to get the data into a readable state.
Coleman Technologies can equip your business with encryption services that you can count on to keep your data as safe as can be. To learn more, reach out to us at (604) 513-9428.
Why Use a VPN?
A virtual private network works by protecting your network from prying eyes while data is in transit. While you’re out of the office and connected to a network, any data that moves between your device and your internal infrastructure is susceptible to being intercepted. Any villain with the right tools could snatch your data while it’s moving from one location to the next. A VPN makes this task more difficult for the hacker, if not outright impossible.
Understanding a VPN
Any network should be encrypted to keep the data stored on it safe, and a virtual private network takes this one step further by implementing an encrypted connection while out of the office or on a different network. This is particularly helpful if you don’t trust the integrity of the web connection you are currently using (and you shouldn’t--hotels, coffee shops, and other public places attract all sorts of folks). If data sent to and from a device is encrypted, hackers have a harder time making heads or tails of the data or its purpose, thereby removing the incentive to actually steal it.
To be fair, a VPN doesn’t necessarily make it harder for data to be stolen--rather, it makes it harder to be read, analyzed, or interpreted. It transforms the data into a jumbled mess that can only be decrypted by someone who has the encryption key. This makes the data stolen significantly less valuable, as hackers can’t really do anything with encrypted data. At the absolute worst, the hacker will spend an insane amount of time trying to crack the encryption, and it’s entirely likely that they will simply give up or see it as not worth the effort.
If your business wants to maximize security for remote workers or traveling, a virtual private network is a necessity. Coleman Technologies can help you implement the best one for your budget. To learn more, reach out to us at (604) 513-9428.
First of all, what shocked us the most is that according to the FTC, in the United States, 9 million individuals have their identities stolen each year. Identity theft is a little different than identity fraud, however. Theft is when personal information is exposed and taken without permission. This is happening all the time by malicious software like spyware, but it can also happen when legitimate websites and services get infiltrated by cybercriminals. If a reputable online store (or even a database for a brick and mortar store) gets hacked into, your personal information can be stolen. That's identity theft.
Identity fraud is when that data is misused for financial gain. This is when things start to get very dangerous. In 2009, $56 billion dollars were accumulated by cyber criminals through identity fraud. The good news is in 2010 that number went down to "only" $37 billion. What does that mean to the average person? On average, victims of identity fraud had $4,841 dollars stolen per victim. Trouble is, the world has had to improve drastically to protect consumers from identity fraud. This means higher costs of doing business which then get reflected on prices of products and services. In other words, because of identity fraud, we all lose.
How does your data get stolen? There are plenty of ways, but here are a few popular methods:
In almost half of reported identity theft cases, the victim knew the criminal.
Almost half of all reports of identity frauds are discovered by the user first, although banks and credit card companies have methods in place to stay on top of it as well. If your financial credentials are stolen, you need to contact your bank and/or credit card companies immediately, both by phone and in writing. You'll want to file a police report with details about where your identity was stolen, what you believe was or could have been stolen, and documented proof of the crime.
You don't want to risk identity fraud. Monitor your credit reports closely, shred sensitive mail and documents before throwing them away, and ensure your computers and network are running latest security updates and antivirus, as well as other security measures. For a complete review of your security, contact us at (604) 513-9428 and we will help pinpoint vulnerabilities and fill in the cracks before a costly event occurs.
News & Updates
Contact us
Learn more about what Coleman Technologies can do for your business.
Coleman Technologies Inc.
20178 96 Avenue, C400
Langley, British Columbia V1M 0B2
Operations Center
6600 Chase Oaks Blvd, Suite 100 Plano
TX 75023
